Police in Moscow, in collaboration with the Department for Combating Cybercrime (UBK) and officers from the Astrakhan region, have detained a group of hackers believed to be responsible for the creation and distribution of the notorious Meduza Stealer information-stealing malware. Irina Volk, a police general and official with the Russian Ministry of Internal Affairs, announced the successful operation via Telegram, noting that the perpetrators had been developing and selling the malicious software through hacker forums for approximately two years. This represents a significant law enforcement action against a prominent cybercrime operation.
The Meduza software is a potent infostealer designed to pilfer sensitive data, including account credentials, cryptocurrency wallet information, and other personal data stored within users’ web browsers. The creators operated under a malware-as-a-service (MaaS) business model, providing access to other cybercriminals in exchange for a subscription fee. This accessible distribution method allowed the sophisticated malware to be widely utilized across the dark web market.
Technologically, Meduza was considered one of the more advanced information stealers available. Notably, since December 2023, the malware was capable of “reviving” expired authentication cookies from Chrome, a feature that significantly eased the process of account takeover for its subscribers. Furthermore, a researcher tracking the info-stealer space, ‘g0njxa’, has connected this same group of arrested individuals to the development and distribution of the Aurora Stealer, another prominent malware-as-a-service that gained traction in 2022.
While Russia has historically tolerated domestic cybercriminal activities so long as Russian citizens or organizations were not the targets, this case took a different turn. The authorities initiated a criminal investigation after discovering that some Meduza operators had targeted an institution in Astrakhan, Southern Russia, in May, successfully stealing confidential data from its servers. This local infringement provided the jurisdictional impetus for the arrests.
The three individuals now face criminal charges under Part 2, Article 273 of the Russian Criminal Code, which pertains to the “creation, use, and distribution of malicious computer programs.” The arrests in Moscow underscore a rare instance of Russian law enforcement taking decisive action against a financially successful, internationally recognized hacking group operating within its borders, specifically because their activities ultimately impacted a domestic institution.
Reference:
